Policies play a vital role when giving access to users other than the Admin: who may access what, and what kind of access each user gets, all comes under Policies.
In this post, we are going to cover the basic overview of Policy and how we use Policy in Oracle Cloud.
Overview Of Policy In Oracle Cloud
A Policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that your company has, and how. A policy simply allows a group to work in certain ways with specific types of resources in a particular compartment.
If you’re not familiar with users, groups, or compartments, check our post, HERE
To govern the control of your resources, your Cloud account will have at least one policy. Each policy consists of one or more policy statements that follow this basic syntax:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
Why We Use Policies?
In any Cloud Account, there are certain resources and services for which only the Admin initially holds the permissions and privileges. But because the Cloud is a multi-tenant service, we can add users other than the Admin, and the access those new users get to resources has to be defined. This is done with the help of policies.
The policy statement will specify which user can access what resources in which compartment.
Scope Of Policies
You can define Policies at two levels, i.e., at Compartment Level and at Tenancy Level:
- Compartment Level: We assign Policies to Groups at Compartment Level as:
Allow group <Group> to manage all-resources in compartment <Compartment>
- Tenancy Level: We assign Policies to Groups at Tenancy Level, so the statement applies to every compartment in that tenancy, and the group gets access to all the resources named in the policy in all of those compartments.
Allow group <Group> to manage all-resources in tenancy
Key Points For Policies
- Policies only allow access; they cannot deny it.
- You can give policies at two levels, i.e., Compartment Level & Tenancy Level.
- By default, users can do nothing and have to be granted access through policies.
- An administrator in your organization defines the groups and compartments in your tenancy.
Steps To Define Policy
- Create a User under Identity -> Users -> Create User.
- Once the User is created, create one Group under Identity -> Groups -> Create Group.
- After that, add the created user to the Group under Identity -> Groups -> GroupName -> Add User To Group.
- Then go to Identity -> Policies -> Create Policy (define the policy statement).
If you face any issue while creating the policy under the compartment, check our blog HERE
Use Case: Policy To Manage Resources In Tenancy (Non-Admin User)
Step 1: We created a User under Identity -> Users -> Create User -> Test.
Step 2: Create one Group under Identity -> Groups -> Create Group -> Test_Grp.
Step 3: Add the created user to the Group under Identity -> Groups -> GroupName -> Add User To Group.
Step 4: Go to Identity -> Policies -> Create Policy.
With this, we have successfully created a user, created a group, added the user to the group, and defined a policy statement allowing access to the group.
Note: In this use case, we have given the policy statement at tenancy level with all the permissions and privileges, the same as the Admin. For a production environment this should not be done, because no user other than the Admin should have all the permissions; more restrictive, per-compartment policies are required instead.
In Oracle Cloud Infrastructure, you can give access to the resources to users only when Users are added to a group and there is a policy defined for that specific group to access a particular resource.
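As an added example (not code from the original post), here is a small Python checker that parses statements in the basic syntax shown above and flags the kind of tenancy-wide "manage all-resources" grant used in the use case, so such statements can be caught before they reach a production tenancy. The four verbs (inspect, read, use, manage) are OCI's standard policy verbs; the group and compartment names in the sample are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OCI policy verbs, least to most privileged ("manage" is the broadest).
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Basic statement shape from the post:
#   Allow group <group> to <verb> <resource-type> in compartment <name>
#   Allow group <group> to <verb> <resource-type> in tenancy
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>'[^']+'|\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>'[^']+'|\S+))\s*$",
    re.IGNORECASE,
)


@dataclass
class Statement:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None means the statement is at tenancy level


def parse_statement(text: str) -> Statement:
    """Parse one policy statement; raise ValueError if it does not fit the syntax."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"does not match basic policy syntax: {text!r}")
    return Statement(m["group"], m["verb"].lower(), m["resource"].lower(), m["compartment"])


def lint_statement(stmt: Statement) -> List[str]:
    """Return findings for grants that are broader than a non-admin group should get."""
    findings = []
    if stmt.compartment is None:
        findings.append("tenancy level: applies to every compartment in the tenancy")
    if stmt.resource == "all-resources":
        findings.append("all-resources: covers every resource type")
    if VERB_RANK[stmt.verb] == VERB_RANK["manage"] and stmt.resource == "all-resources" \
            and stmt.compartment is None:
        findings.append("admin-equivalent grant: manage all-resources in tenancy")
    return findings


def lint_policy(statements: List[str]) -> Dict[str, List[str]]:
    """Map each statement to its findings (empty list means nothing was flagged)."""
    return {s: lint_statement(parse_statement(s)) for s in statements}


SAMPLE_POLICY = [  # constructed sample statements, not from any real tenancy
    "Allow group Test_Grp to manage all-resources in tenancy",
    "Allow group Dev_Grp to use instance-family in compartment Dev",
]
```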
Next Task For You
Begin your journey towards becoming an Oracle [1Z0-1072] Certified Cloud Architect & earn a lot more in 2020 by joining our FREE Masterclass.